Privacy Policy

The Hong Kong Competition Commission (Commission) is committed to fully complying with its obligations under the Personal Data (Privacy) Ordinance, Cap. 486 (“Personal Data (Privacy) Ordinance”) including all applicable data protection principles. In this context, the Commission undertakes to ensure that its staff, agents and contractors comply with the highest standards in relation to information security and data protection.

Subject to any applicable exemption provided for in the Personal Data (Privacy) Ordinance, whenever the Commission collects personal data from individuals, it will provide a Personal Information Collection Statement (“PICS”).

Categories of Personal Data Held by the Commission

The personal data1 held by the Commission includes the name, organisation name, job title, correspondence address, telephone number and email address, etc. of the registrants of the Hong Kong Competition Exchange (Exchange).

Main Purposes of Keeping Personal Data

Personal data held is kept for the purposes of processing the registration and handling relevant matters relating to the Exchange. In particular, the Commission may use your personal data to provide you with details of and information regarding your registration to the Exchange.

For further information in respect of the purposes for which personal data is to be used by the Commission, reference should be made to the applicable PICS.

Information Collected When a Person Visits the Exchange Website

Use of cookies: When a person browses the Exchange website, cookies will be stored on their computer hard drive. The purpose of using cookies is to optimise use of the Exchange website. The Commission does not collect or store any personal data in this circumstance. Persons visiting the Exchange website have a choice to disable cookies in their browser’s security setting.

Statistics on visitors to the Exchange website: When a person visits the Exchange website, the Commission will record their visit as a “hit”. The webserver makes a record of the visit that includes the person’s IP address, the type and configuration of browser used, language settings, geo-location, operating system used by the person, information on the site which redirected the person to the Exchange website (if any), screen resolution information, time/duration of the visit and the pages visited on the Exchange website (webserver access log).

The Commission uses the webserver access log for the purpose of maintaining and improving the Exchange website. The Commission uses the data only for website security purposes, error fixing, enhancement and optimisation purposes.

The Commission does not use website visitor data to personally identify anyone.

Outsourcing Arrangements

The Exchange website is developed and maintained by third-party service providers.

All of these external service providers are bound by a contractual duty to keep confidential any personal data they come into contact with and are prohibited from unauthorised access, use and/or retention of such data.

Protection Measures

The Commission takes appropriate steps to protect the personal data it holds against loss, unauthorised access, use, modification or disclosure.

Retention of Personal Data

The Commission maintains and follows retention policies for records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the data is or is to be used.

Disclosure of Personal Data

Personal data collected by the Commission may be transferred and/or disclosed to third parties as provided for in the relevant PICS (if any).

Data Access and Correction

If you wish to request access to and/or correction of your personal data held by the Commission, you may do so by completing the Data Access Request Form specified by the Privacy Commissioner for Personal Data and sending the completed form to the Commission’s Data Protection Officer at the following postal address:

Please note that the Commission may refuse to comply with a data access and/or a data correction request in the circumstances specified in section 20 and section 24 of the Personal Data (Privacy) Ordinance.

The Commission may impose a fee for complying with a data access request.